diff options
| author | oxalica <oxalicc@pm.me> | 2024-05-03 02:22:47 -0400 |
|---|---|---|
| committer | oxalica <oxalicc@pm.me> | 2024-05-03 02:25:55 -0400 |
| commit | 7db62770903cc90dde4babd06829b92387154a96 (patch) | |
| tree | 989d58e46ef0c4ca68511b27b4022431a97457f3 /pkgs/kde | |
| parent | 63c3a29ca82437c87573e4c6919b09a24ea61b0f (diff) | |
kdePackages.kwin: apply lowering CAP_SYS_NICE patch
This patch exists on plasma5Packages.kwin and is still applicable for KDE6.
Diffstat (limited to 'pkgs/kde')
| -rw-r--r-- | pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch | 40 | ||||
| -rw-r--r-- | pkgs/kde/plasma/kwin/default.nix | 1 |
2 files changed, 41 insertions, 0 deletions
diff --git a/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch b/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch new file mode 100644 index 0000000000000..e6408605aa431 --- /dev/null +++ b/pkgs/kde/plasma/kwin/0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch @@ -0,0 +1,40 @@ +From 232e480ab1303f37d37d295b57fdcbb6b6648bca Mon Sep 17 00:00:00 2001 +From: Alois Wohlschlager <alois1@gmx-topmail.de> +Date: Sun, 7 Aug 2022 16:12:31 +0200 +Subject: [PATCH] Lower CAP_SYS_NICE from the ambient set + +The capabilities wrapper raises CAP_SYS_NICE into the ambient set so it +is inherited by the wrapped program. However, we don't want it to leak +into the entire desktop environment. + +Lower the capability again at startup so that the kernel will clear it +on exec. +--- + src/main_wayland.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/main_wayland.cpp b/src/main_wayland.cpp +index 1720e14e7..f2bb446b0 100644 +--- a/src/main_wayland.cpp ++++ b/src/main_wayland.cpp +@@ -39,7 +39,9 @@ + #include <QWindow> + #include <qplatformdefs.h> + ++#include <linux/capability.h> + #include <sched.h> ++#include <sys/prctl.h> + #include <sys/resource.h> + + #include <iomanip> +@@ -285,6 +287,7 @@ static QString automaticBackendSelection() + + int main(int argc, char *argv[]) + { ++ prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_LOWER, CAP_SYS_NICE, 0, 0); + KWin::Application::setupMalloc(); + KWin::Application::setupLocalizedString(); + KWin::gainRealTime(); +-- +2.37.1 + diff --git a/pkgs/kde/plasma/kwin/default.nix b/pkgs/kde/plasma/kwin/default.nix index fc5f00991d9ee..7c3b0ce2bbe12 100644 --- a/pkgs/kde/plasma/kwin/default.nix +++ b/pkgs/kde/plasma/kwin/default.nix @@ -26,6 +26,7 @@ mkKdeDerivation { # The rest are NixOS-specific hacks ./0003-plugins-qpa-allow-using-nixos-wrapper.patch ./0001-NixOS-Unwrap-executable-name-for-.desktop-search.patch + ./0001-Lower-CAP_SYS_NICE-from-the-ambient-set.patch ]; postPatch = '' |